Multiple Google AngularJs Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-8372 CVSS:4.8

Google AngularJS could allow a remote attacker to bypass security restrictions, caused by improper sanitization of the '[srcset]' attribute HTML elements. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass common image source restrictions.

CVE-2024-8373 CVSS:4.8

Google AngularJS could allow a remote attacker to bypass security restrictions, caused by improper sanitization of the value of the [srcset] attribute in <source> HTML elements. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass common image source restrictions.

Impact

Security Bypass

Indicators of Compromise

CVE

CVE-2024-8372
CVE-2024-8373

Affected Vendors

Google

Affected Products

Google AngularJS - 1.3.0-rc.4
Google AngularJS - 0.0.0

Remediation

Upgrade to the latest version of AngularJS NES, available from the AngularJS NES Website.

CVE-2024-8372

CVE-2024-8373

Recently Patched Vulnerability in CUPS Allows DDoS Attacks to be Amplified

APT Group Gamaredon aka Shuckworm – Active IOCs

Multiple Google AngularJs Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan